Privacy Policy
Last updated: 21 April 2026
At El Trapella del Poblenou we take privacy seriously. This policy explains, clearly, what data we collect, what we use it for, and what you can do to control it.
This privacy policy governs the processing of personal data provided by users through the website eltrapelladelpoblenou.com (hereinafter, "the website") in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and the Spanish Organic Law 3/2018, of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD).
Data controller
The controller responsible for the processing of personal data collected through the website is:
Company name Trapella Crew S.L.
Tax ID (CIF) ESB22886626
Address Carrer de Pujades, 207 Bis, 08005 Barcelona
Phone +34 626 72 84 92
Contact email info@eltrapelladelpoblenou.com
Data collected and purposes
Depending on your interaction with us, we may collect the following personal data:
| Interaction | Data collected | Purpose |
|---|---|---|
| Table booking (via Google Reserve) |
Name, phone, email, number of guests, date and time | Manage the booking and confirm availability |
| Enquiry via WhatsApp or email | Name, phone or email, content of the message | Respond to the enquiry |
| Website browsing | IP address, browsing data, technical and analytical cookies | Analyse site functioning and improve user experience |
| Group booking | Name, phone, tentative date, number of guests, type of event | Coordinate the personalised group booking |
We do not collect sensitive data (health, ideology, racial origin, etc.) nor do we carry out commercial profiling of users. We do not sell or transfer data to third parties for commercial purposes.
Legal basis for processing
The legal basis for processing your personal data depends on the purpose:
- Booking management: performance of a contract or pre-contractual measures (Article 6.1.b GDPR).
- Responding to enquiries: consent of the data subject when sending the message (Article 6.1.a GDPR).
- Compliance with legal obligations: tax, commercial and labour obligations applicable to the hospitality sector (Article 6.1.c GDPR).
- Website analytics: legitimate interest of the controller in improving the service (Article 6.1.f GDPR), with the possibility to object.
Retention period
We will retain your personal data for the periods strictly necessary to fulfil the purpose for which they were collected and, subsequently, for the periods legally required:
- Booking data: until the end of the service and, subsequently, for the legal periods applicable for tax and commercial purposes (up to 6 years under the Spanish Commercial Code).
- Enquiry data (WhatsApp/email): for the time necessary to respond and, where applicable, to manage any resulting liabilities.
- Browsing data: according to the periods indicated in the Cookie Policy.
Recipients of the data
Your personal data may be shared with the following recipients with the safeguards required by the regulation:
- Technology service providers: 10Web Hosting (web hosting) and Google (Google Reserve for bookings, Google Analytics for analytics, Google Maps for location).
- Meta Platforms (WhatsApp): when an enquiry is sent through the restaurant's WhatsApp number.
- Accounting and tax providers: external advisors who manage the restaurant's accounting.
- Public administrations: only when legally required (Tax Agency, Social Security, etc.).
International transfers: some of the providers mentioned (Google, Meta) may transfer data outside the European Economic Area. These transfers are carried out under the appropriate safeguards set out by the GDPR (standard contractual clauses approved by the European Commission).
Your rights as a data subject
As a data subject, the law recognises the following rights over your personal data:
- Right of access: to know what personal data we hold about you.
- Right to rectification: to correct inaccurate or incomplete data.
- Right to erasure ("right to be forgotten"): to request that we delete your data when it is no longer necessary.
- Right to restriction of processing: to request that we pause the use of your data in certain cases.
- Right to data portability: to receive your data in a structured format and transfer it to another controller.
- Right to object: to object to the processing of your data when the legal basis is legitimate interest.
- Right to withdraw consent at any time, without this affecting the lawfulness of previous processing.
- Right not to be subject to automated decision-making that produces legal effects.
How to exercise your rights
You can exercise your rights free of charge by sending a request to:
Email info@eltrapelladelpoblenou.com
Postal address Carrer de Pujades, 207 Bis, 08005 Barcelona
To verify your identity, you may be asked to attach a copy of your ID card, passport or other valid identification document to your request. We will respond to your request within a maximum of one month from receipt.
If you consider that we have not handled your request properly, you have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD), through its website www.aepd.es.
Security measures
We apply appropriate technical and organisational measures to ensure the security of your personal data, including:
- HTTPS encryption on all website communications.
- Regular backups managed by the hosting provider.
- Restricted access controls limited to strictly necessary personnel.
- Confidentiality commitment from staff with access to the data.
However, no system is 100% infallible. In the event of a security breach that may pose a high risk to your rights and freedoms, we will notify you without undue delay, in accordance with the deadlines required by the GDPR.
Processing of minors' data
The website is intended for people over 14 years of age. We do not knowingly collect personal data from minors under 14. If we detect that we have received data from a minor without the consent of their parents or legal guardians, we will delete it immediately.
Changes to this policy
We reserve the right to modify this privacy policy to adapt it to legislative, jurisprudential or sector best-practice changes. In the event of significant modifications, we will communicate this through the website.
We recommend you review this page periodically. The date of the last update appears at the beginning of the document.